EPIC Alert 22.22

=======================================================================
E P I C   A l e r t
=======================================================================
Volume 22.22                                          November 25, 2015
-----------------------------------------------------------------------

Published by the
Electronic Privacy Information Center (EPIC)
Washington, DC

http://www.epic.org/alert/epic_alert_22.22.html

"Defend Privacy. Support EPIC."
http://epic.org/support

=======================================================================
Table of Contents
=======================================================================

[1] EPIC to Congress: Data Privacy and Security for 'Internet of Cars'
[2] NGOs Reject 'Safe Harbor 2.0,' Urge EU, US on Fundamental Rights
[3] EPIC Obtains Documents on Secret DNA Forensic Source Code
[4] In Court: EPIC Pursues Drone Privacy Safeguards
[5] EPIC Files Brief with MA High Court on Student Cell Phone Privacy
[6] News in Brief
[7] EPIC in the News
[8] EPIC Bookstore
[9] Upcoming Conferences and Events

TAKE ACTION: Fight Back Against Illegal US/UK Surveillance!

LEARN about Privacy International's "Did GCHQ Spy on You?" Campaign:
https://www.privacyinternational.org/illegalspying
MAKE A CLAIM with the Investigatory Powers Tribunal:
http://www.ipt-uk.com/section.aspx?pageid=16
FOLLOW Privacy International on Facebook:
https://www.facebook.com/PrivacyInternational
TWEET Your Support: #DidGCHQSpyOnYou/ @privacyint
SUPPORT EPIC: https://epic.org/support/

=======================================================================
[1] EPIC to Congress: Data Privacy and Security for 'Internet of Cars'
=======================================================================

EPIC Associate Director Khaliah Barnes testified at a November 18 congressional hearing on "The Internet of Cars," addressing the safety and privacy issues around Internet-connected vehicles. In a written statement submitted to the House Subcommittee on Oversight and Government Reform, Ms.
Barnes outlined the numerous privacy and safety issues raised by connected cars and urged immediate Congressional action.

Ms. Barnes specifically recommended that Congress "(1) enact meaningful legislation, based on enforceable legal rights, that safeguard the privacy and security of American drivers; (2) establish civil fines for malicious hacking of vehicles; and (3) grant NHTSA rulemaking authority to establish necessary safeguards for connected vehicles." Ms. Barnes also favorably discussed the Security and Privacy in Your Car Act (SPY Car Act) of 2015, which emphasizes enforceable NHTSA rules and civil fines for offenders, and identified numerous shortcomings in a discussion draft of a House bill on connected car privacy and security.

Ms. Barnes warned that connected cars could make drivers vulnerable to remote hacking. "Every day without car privacy and safety protections places countless drivers at risk of having their personal information - or worse, their physical safety - compromised," she explained.

EPIC has extensively examined the privacy and data security implications of the Internet of Things and the "Internet of Cars," and recommended strong safeguards for consumers. EPIC has submitted comments on over 40 federal agency rulemakings on proposed privacy regulations. EPIC also has commented on the privacy implications of networked vehicles.

EPIC: Testimony Before US House on "Internet of Cars" (Nov. 18, 2015)
https://epic.org/redirect/112415-epic-connected-cars.html

US House: Committee Hearing on "The Internet of Cars" (Nov. 18, 2015)
https://oversight.house.gov/hearing/the-internet-of-cars/

Sen. Ed Markey (D-MA): Text of SPY Car Act (Jul. 21, 2015)
http://www.markey.senate.gov/imo/media/doc/SPY%20Car%20legislation.pdf

US House: Draft of Vehicle/Roadway Safety Bill (Oct. 13, 2015)
https://epic.org/redirect/112415-house-car-safety-bill.html

US House: Hearing on Vehicle and Roadway Safety (Oct.
21, 2015)
https://epic.org/redirect/112415-house-car-safety-hearing.html

EPIC: Internet of Things
https://epic.org/privacy/internet/iot/

EPIC: Comments to FTC on Internet of Things (Jun. 1, 2013)
https://epic.org/privacy/ftc/EPIC-FTC-IoT-Cmts.pdf

EPIC: Automobile Event Data Recorders (Black Boxes) and Privacy
https://epic.org/privacy/edrs/

EPIC et al.: Coalition Letter to NHTSA re: Black Boxes (Feb. 11, 2013)
https://epic.org/privacy/edrs/EPIC-Coal-NHTSA-EDR-Cmts.pdf

EPIC: Comments to NHTSA on V2V Communication (Oct. 20, 2014)
https://epic.org/privacy/edrs/EPIC-NHTSA-V2V-Cmts.pdf

Costco Connection: "Are Vehicle Black Boxes a Good Idea?" by EPIC President Marc Rotenberg (Apr. 2013)
http://www.costcoconnection.com/connection/201304?pg=24#pg24

USA Today: "Another View: Stay Clear of Cars That Spy," by EPIC President Marc Rotenberg (Aug. 18, 2011)
http://usatoday30.usatoday.com/news/opinion/editorials/2011-08-18-car-insurance-monitors-driving-snapshot_n.htm

=======================================================================
[2] NGOs Reject 'Safe Harbor 2.0,' Urge EU, US on Fundamental Rights
=======================================================================

Leading US and international human rights and consumer organizations have sent a letter to US and EU government officials, offering suggestions for a revised Safe Harbor agreement and urging them to protect the fundamental right to privacy.

The groups cautioned EU Commissioner Vera Jourova and US Secretary of Commerce Penny Pritzker that without significant changes to US domestic law or international commitments, a Safe Harbor 2.0 will almost certainly fail, and recommended a list of 13 proposals for updating the Safe Harbor framework.
The groups have called for:

(1) Conspicuously posted, clearly written privacy policies on all self-certifying company websites
(2) Company privacy policies clearly linked to the Safe Harbor website
(3) Companies to include the privacy positions of their subcontractors
(4) The Commerce Department to flag "not current" companies on the agency website
(5) Links to alternative dispute resolution (ADR) providers
(6) Ensuring that posted ADR providers are affordable
(7) Monitoring of ADR providers by Commerce
(8) Periodic checks of Safe Harbor companies to ensure compliance
(9) Follow-up of companies that have been the subject of complaints
(10) EU notification when a company is accused of false Safe Harbor compliance
(11) Investigations into accusations of false Safe Harbor compliance
(12) Privacy policies that include information on the extent of US data collection and retention
(13) National Security privacy exemptions only used as appropriate.

In addition to the Safe-Harbor-specific requests, the coalition also called for broader privacy reforms, including a comprehensive US privacy framework, strong encryption and an annual EU/US summit with the full participation of civil society organizations.

NGO Coalition: Letter re: Safe Harbor (Nov. 12, 2015)
http://thepublicvoice.org/EU-US-NGO-letter-Safe-Harbor-11-15.pdf

Article 29 Working Party: Statement on Safe Harbor (Oct. 16, 2015)
https://epic.org/redirect/103015-article-29-harbor-statement.html

US House: Hearing on Safe Harbor (Oct. 27, 2015)
https://epic.org/redirect/103015-house-harbor-hearing.html

EU High Court: Press Release on Safe Harbor Decision (Oct. 6, 2015)
https://epic.org/redirect/101615-safe-harbor-release.html

EPIC: Max Schrems v Irish Data Protection Commissioner (Safe Harbor)
https://epic.org/privacy/intl/schrems/default.html

The New York Times: "Digital Privacy, in the U.S. and Europe," by Marc Rotenberg, Anna Fielder and Jeff Chester (Oct.
13, 2015)
http://www.nytimes.com/2015/10/13/opinion/digital-privacy-in-the-us-and-europe.html

=======================================================================
[3] EPIC Obtains Documents on Secret DNA Forensic Source Code
=======================================================================

In response to EPIC FOIA requests, local law enforcement agencies in Virginia and Pennsylvania have released documents to EPIC on "TrueAllele," a proprietary software program used in DNA forensic analysis. According to Cybergenetics, the Pittsburgh-based company that developed the program, "TrueAllele Casework is a computerized DNA interpretation system that objectively infers genetic profiles from all types of DNA samples." Law enforcement uses TrueAllele test results to establish guilt, but individuals accused of crimes have been denied access to the source code that produces the results.

EPIC's initial FOIA request asked each state for the following: "1. All contracts, proposals, and technical specifications from Cybergenetics regarding the automated DNA-matching program TrueAllele; 2. All audits, assessments, and memoranda regarding the accuracy of TrueAllele; and 3. A copy of the source code and documentation for TrueAllele software."

Virginia released to EPIC a validation study and validation summary prepared by the Virginia Department of Forensic Science. Pennsylvania produced purchase and service contracts, technical specifications and user manuals for TrueAllele. Agencies in California, Louisiana, Pennsylvania, and Virginia have stated that they do not have access to the TrueAllele source code they themselves use to produce evidence against defendants.

EPIC's initial FOIA requests cited the importance of algorithmic transparency in the criminal justice system.

EPIC: Secret DNA Forensic Source Code FOIA
https://epic.org/state-policy/foia/dna-software/

EPIC: FOIA Request to State of PA re: TrueAllele (Oct.
15, 2015)
https://epic.org/redirect/101615-PA-allele-foia.html

EPIC: FOIA Request to State of VA re: TrueAllele (Oct. 13, 2015)
https://epic.org/redirect/101615-VA-allele-foia.html

Journal of Forensic Sciences: Article on TrueAllele (Sep. 2015)
https://epic.org/redirect/112415-forensic-journal-allele.html

VA Dept. of Forensic Science: TrueAllele Validation Summary (Aug. 2013)
https://epic.org/redirect/112415-va-validation-summary.html

EPIC: Genetic Privacy
https://epic.org/privacy/genetic/

EPIC: State Policy Project
https://epic.org/state-policy/

EPIC: Algorithmic Transparency
https://epic.org/algorithmic-transparency/

EPIC: FOIA Cases
https://epic.org/foia/

=======================================================================
[4] In Court: EPIC Pursues Drone Privacy Safeguards
=======================================================================

EPIC has filed an additional brief in EPIC v. FAA, challenging the agency's rationale for dismissing EPIC's earlier petition requesting a rulemaking on drones and privacy. EPIC continues to argue that the FAA improperly ignored privacy issues in a recent rulemaking, stating, "the FAA refuses to address privacy in the drone rulemakings even though the agency concedes that drone integration presents significant privacy and civil liberties challenges that need to be addressed."

The FAA's November 5 response brief conceded that the existing drone plan "recognizes the privacy issues that may be heightened by the unique capabilities" of small drones. "The size and the unique characteristics and capabilities" of small drones "may pose risks to individual privacy," the agency acknowledged.

EPIC's lawsuit follows a congressional ruling requiring a "comprehensive plan" for the integration of drones into US airspace, and a 2012 EPIC-led petition for a public rulemaking on drone privacy safeguards. Although EPIC's petition was backed by more than 100 organizations and privacy experts, the FAA denied it.
The agency also refused to consider privacy as part of a 2015 rulemaking on small commercial drones, maintaining that privacy was outside the rulemaking's scope. The FAA has granted 2,384 exemptions for commercial drone use as of November 20, 2015, 600 of those since EPIC's opening brief in September 2015.

EPIC has called on the US Court of Appeals for the DC Circuit to direct the FAA to address drone privacy. "As the agency has determined not to issue rules, contrary to the FAA Modernization Act and EPIC's rulemaking petition, the Court must now order the agency to do so," EPIC argued. The United States Court of Appeals for the DC Circuit is expected to hear argument in the case in early 2016.

In October 2015, the Department of Transportation and the FAA announced that drone operators will be required to register with a national drone registration database. EPIC argued in comments to the FAA that registration is critical for public safety and privacy protection. EPIC also recommended that the FAA require drones to broadcast identification information, that the registration database detail a drone's surveillance capabilities and that the agency provide privacy protections for drone hobbyists. An FAA task force, lacking any privacy experts, is developing a plan for a national registry.

EPIC: EPIC Reply Brief in EPIC v. FAA (Nov. 18, 2015)
https://epic.org/redirect/112415-epic-faa-reply-brief.html

EPIC: FAA Response Brief in EPIC v. FAA (Nov. 4, 2015)
https://epic.org/privacy/drones/epicvfaa/1581988-FAA-Brief.pdf

EPIC: EPIC v. FAA Opening Brief (Sep. 29, 2015)
https://epic.org/redirect/093015-epic-faa-brief.html

EPIC: Comments to FAA re: Drone Privacy (Apr. 24, 2015)
http://epic.org/privacy/litigation/apa/faa/drones/EPIC-FAA-NPRM.pdf

FAA: Proposed Rules for Small Commercial Drones (Feb. 23, 2015)
http://www.gpo.gov/fdsys/pkg/FR-2015-02-23/pdf/2015-03544.pdf

EPIC: EPIC v. FAA - Petition for Review (Mar.
31, 2015)
https://epic.org/redirect/041515-epic-drone-petition.html

FAA: Modernization and Reform Act of 2012 (Feb. 1, 2012)
http://www.gpo.gov/fdsys/pkg/CRPT-112hrpt381/pdf/CRPT-112hrpt381.pdf

FAA: Comprehensive Drone Plan (Sept. 2013)
https://epic.org/redirect/041515-faa-drone-plan.html

EPIC et al.: Petition to FAA re: Drones (Feb. 24, 2012)
https://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf

FAA: Denial of EPIC Petition to FAA (Nov. 26, 2014)
https://epic.org/privacy/drones/FAA-Privacy-Rulemaking-Letter.pdf

EPIC: Drone Registration Comments (Nov. 12, 2015)
https://epic.org/privacy/drones/EPIC-FAA-Drone-Reg-Comments.pdf

FAA: Drone Registration Announcement (Oct. 19, 2015)
https://epic.org/redirect/103015-drone-registration.html

EPIC: EPIC v. FAA
https://epic.org/privacy/litigation/apa/faa/drones/

EPIC: Domestic Unmanned Aerial Vehicles (UAVs)
https://epic.org/privacy/drones/

=======================================================================
[5] EPIC Files Brief with MA High Court on Student Cell Phone Privacy
=======================================================================

EPIC has filed an amicus brief with the Massachusetts Supreme Judicial Court regarding a student privacy case. Commonwealth v. White concerns whether schools may turn over to the police a student's cell phone without a warrant. EPIC's brief argues that if law enforcement needs to seize a student's cell phone in the temporary possession of school officials, a warrant must be required.

In Riley v. California, a unanimous Supreme Court held that a cell phone search required a warrant. EPIC cites the Riley decision, explaining, "Modern cell phones . . . implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse." EPIC stressed the vast amount of personal data available both on the phone itself and from remote cloud servers accessible via applications.
EPIC also discussed the trend towards enactment of school cell-phone use policies, but explained that cell phones themselves are not contraband. "A rule that permitted the police to obtain a student's cell phone without a warrant could be applied to all searches of all property involving all students," EPIC wrote. "It would permit generalized searches, almost entirely unbounded."

"If police need to obtain a cell phone," EPIC argued, "the US Supreme Court has made clear the answer: 'get a warrant.'"

The Massachusetts Supreme Judicial Court will hear oral arguments on December 8. EPIC previously filed an amicus brief in Commonwealth v. Connolly, a Massachusetts case concerning GPS tracking. The EPIC State Policy Project is based in Cambridge, MA.

EPIC: Amicus Brief in Commonwealth v. White (Nov. 23, 2015)
https://epic.org/redirect/112415-epic-amicus-commonwealth-white.html

EPIC: Commonwealth v. White
https://epic.org/amicus/massachusetts/white/

EPIC: Student Privacy
https://epic.org/privacy/student/

EPIC: Riley v. California
https://epic.org/amicus/cell-phone/riley/

EPIC: State Policy Project
https://epic.org/state-policy/

=======================================================================
[6] News in Brief
=======================================================================

EPIC Opposes NSA Plan to Expand Operations Database

EPIC has submitted comments to the NSA, objecting to the agency's proposal to expand the "Operations Records" database. The database is already largely exempt from Privacy Act safeguards, and the proposal would vastly expand the types of information collected in the database and define new routine uses for that information. EPIC's comments addressed the privacy issues raised by the Operations Records database and the NSA's proposed changes, opposed further expansion of NSA's information collection activities and demanded that the NSA narrow the Privacy Act exemptions for the system if the proposal goes forward.
EPIC has previously urged the NSA to conduct information-collection activities in compliance with the Privacy Act.

EPIC: Comments to NSA re: 'Operations Records' Database (Nov. 20, 2015)
https://epic.org/privacy/nsa/EPIC-NSA-SORN-Comments-2015.pdf

Federal Register: Privacy Act of 1974; System of Records (Nov. 2010)
https://epic.org/redirect/112415-privacy-act-sorn.html

EPIC: The Privacy Act of 1974
https://epic.org/privacy/1974act/

EPIC: Petition to NSA re: Bulk Data Rulemaking (Jun. 17, 2013)
https://epic.org/NSApetition/

EPIC et al: Letter to DoD re: Privacy Act (Oct. 21, 2013)
https://epic.org/privacy/nsa/Coal-DoD-Priv-Program-Cmts.pdf


EPIC Warns ICANN about Lack of Privacy for WHOIS Data

In comments to ICANN, EPIC has urged the Internet policy organization to comply with privacy law and privacy standards. ICANN manages the WHOIS database, a publicly accessible repository of domain name registrants' contact information. EPIC has long criticized ICANN for exposing personal data to spammers, stalkers and criminal investigators. Internet privacy expert Stephanie Perrin recently stated, "The existing policy and trigger mechanisms reflect at best a basic failure to comprehend the way data protection law works, at worst a determination to be as difficult and intransigent as possible." In the latest comments, EPIC warned ICANN that failure to comply with legal standards could leave the organization subject to enforcement action following the Schrems decision in Europe. ICANN's final report is due December 1, 2015.

EPIC: Comments to ICANN on WHOIS Privacy (Nov. 17, 2015)
https://epic.org/privacy/whois/EPIC-Whois-Comments.pdf

EPIC: WHOIS
https://epic.org/privacy/whois/

EPIC: Report on WHOIS Privacy (Mar. 2003)
https://epic.org/privacy/whois/privacy_issues_report.pdf

EPIC: Letter to ICANN re: Task Force (Jan. 2007)
https://epic.org/privacy/whois/comments.html

ICANN: WHOIS Conflict Procedures (Oct.
15, 2015)
https://epic.org/redirect/112415-icann-whois-conflict.html

EPIC: Max Schrems v Irish Data Protection Commissioner
https://epic.org/privacy/intl/schrems/


EPIC to Receive More Documents in Boater Surveillance Case

A federal judge in Washington, DC has ordered the US Coast Guard to release to EPIC, within 60 days, additional documents on the "National Automated Identification System," a controversial boater tracking program EPIC is investigating. According to FOIA documents previously obtained by EPIC, the Department of Homeland Security believes that boaters have "no expectation of privacy with regard to any information transmitted" on the Automated Identification System. The documents also reveal that the DHS fuses AIS data with other government data to develop detailed profiles on boaters. EPIC has previously expressed support for AIS to promote maritime safety, but warned that the NAIS system exceeds this purpose. In January 2016, EPIC expects to receive contracts and privacy impact assessments previously withheld.

EPIC: EPIC v. USCG - Nationwide Automatic Identification System
https://epic.org/foia/dhs/uscg/nais/

EPIC: EPIC v. USCG FOIA Documents (2015)
https://epic.org/foia/dhs/uscg/nais/#foia

EPIC: Press Release on NAIS Documents (Sep. 21, 2015)
http://epic.org/foia/EPIC-v-CG-DHS-Release-09-21-15.pdf

"Is AIS Chipping Away at Our Freedoms?" Practical Sailor (Feb. 2011)
http://www.practical sailor.com/issues/37_2/features/Is_AIS_Chipping_Away_at_Our_Freedoms_10135-1.html


TSA Continues Delay of Legal Authority for Airport Body Scanners

The Transportation Security Administration is expected to issue a final rule on airport body scanners by March 3, 2016, nearly five years after the DC Circuit Court of Appeals ordered the agency to "promptly" solicit public comments on the controversial scanners. In 2011, EPIC successfully challenged the TSA's unlawful deployment of airport body scanners.
Following EPIC's lawsuit, backscatter x-ray devices were removed from US airports. Still, the agency continues to ignore public comments that overwhelmingly favor less invasive security screenings.

DC Circuit Court: Schedule of Issuance/Body Scanners (Nov. 23, 2015)
https://epic.org/privacy/body_scanners/In-re-CEI-DCC-15-1224.pdf

DC Circuit Court of Appeals: Ruling in EPIC v. DHS (Jul. 11, 2011)
http://epic.org/redirect/071911_circuit_opinion_epicvdhs.html

EPIC: EPIC v. DHS (Suspension of Body Scanner Program)
http://www.epic.org/redirect/031111EPICvDHS.html

Reginfo.gov: Status of TSA Rulemaking (Fall 2015)
https://epic.org/redirect/112415-reginfo-tsa-rulemaking.html

EPIC: Comments to DHS on AIT (Jun. 24, 2013)
https://epic.org/privacy/body_scanners/EPIC-TSA-NBS.pdf

Regulations.gov: "Passenger Screening Using AIT" (2013)
http://www.regulations.gov/#!docketDetail;D=TSA-2013-0004


Congress Examines (Lack of) Drone Privacy and Safety

The US House Energy and Commerce Committee held a November 19 meeting examining "The Fast-Evolving Uses and Economic Impacts of Drones." Committee Chairman Michael Burgess (R-TX), echoing comments from other committee members, stated, "There are important questions around privacy laws and safety." The FAA Modernization and Reform Act of 2012 required the FAA to develop a "comprehensive plan" to integrate drones into US national airspace by September 30, 2015. Despite missing the deadline, the FAA has granted over 2,220 exemptions for commercial drones even as safety and privacy concerns increase. More than 100 privacy experts and organizations petitioned the FAA to establish privacy safeguards prior to the deployment of drones. EPIC has sued the agency in the case EPIC v. FAA to establish privacy rules for commercial drones.

US House: Meeting to Examine Drone Safety (Nov.
19, 2015)
https://epic.org/redirect/112415-house-drone-hearing.html

FAA: FAA Modernization and Reform Act of 2012 (Feb 1, 2012)
http://www.gpo.gov/fdsys/pkg/CRPT-112hrpt381/pdf/CRPT-112hrpt381.pdf

FAA: Authorizations Granted Via Section 333 Exemptions (Nov. 20, 2015)
https://epic.org/redirect/112415-faa-333-authorizations.html

EPIC: Brief in EPIC v. FAA (Sep. 28, 2015)
https://epic.org/redirect/093015-epic-faa-brief.html


Administrative Decision Tosses LabMD Data Security Case

An administrative law judge has dismissed an FTC complaint alleging that medical testing laboratory LabMD failed to provide reasonable data security for personal information. The judge found that the FTC's regulation of unfair trade practices requires demonstrating that consumer harm was "probable," not just "possible." The decision, which is not binding on federal or state courts, leaves in place an earlier decision in FTC v. Wyndham, which held that the FTC can enforce data security standards. EPIC filed an amicus brief in Wyndham, defending the FTC's "critical role in safeguarding consumer privacy and promoting stronger security standards."

FTC Administrative Court: Decision in LabMD Complaint (Nov. 13, 2015)
https://epic.org/redirect/112415-ftc-labmd.html

US 3rd Circuit Court: Decision in FTC v. Wyndham (Aug. 24, 2015)
https://epic.org/amicus/ftc/wyndham/Mem-Op-14-3514.pdf

EPIC: FTC v. Wyndham
https://epic.org/amicus/ftc/wyndham/

EPIC: Amicus Brief in FTC v. Wyndham (Nov. 12, 2014)
https://epic.org/amicus/ftc/wyndham/Wyndham-Amicus-EPIC.pdf


Federal Appeals Court Revives Google Cookie Tracking Suit

A federal appeals court has reinstated a class action alleging that Google and Internet advertising companies unlawfully placed tracking cookies on users' web browsers. A reasonable jury could conclude that Google's "deceitful override of the plaintiffs' cookie blockers" constitutes a "serious invasion of privacy" under California law.
The appeals court also held that tracked URLs could constitute "content" under the federal Wiretap Act, though it ultimately upheld the dismissal of all federal law claims for other reasons. EPIC filed an amicus brief in a similar case, In re Nickelodeon, arguing that Viacom's disclosure of IP addresses and unique device identifiers to Google violated the Video Privacy Protection Act.

US 3rd Circuit Court: Reinstatement of In re Google (Nov. 10, 2015)
http://www2.ca3.uscourts.gov/opinarch/134300p.pdf

EPIC: Cookies
https://epic.org/privacy/internet/cookies/

EPIC: Online Tracking and Behavioral Profiling
http://epic.org/privacy/consumer/online_tracking_and_behavioral.html

EPIC: In re Nickelodeon Consumer Privacy Litigation
https://epic.org/amicus/vppa/nickelodeon/

EPIC: Video Privacy Protection Act
https://epic.org/privacy/vppa/


Congress Explores Risk of Student-Record Data Breaches

The US House Committee on Oversight and Government Reform held a November 17 hearing on the US Education Department's information security program. In 2014, the Department's Inspector General found that the "information systems continue to be vulnerable to serious security threats." The hearing revealed that the Education Department maintains at least 139 million Social Security numbers in a single database. The Department has 184 information systems, 120 of which are managed by outside parties. For years, EPIC has warned of growing student privacy and security risks, urging Congress to enact the Student Privacy Bill of Rights to protect student data.

US House: Hearing on Student Privacy and Data Breaches (Nov. 17, 2015)
https://epic.org/redirect/112415-house-student-breach.html

US Education Dept.: Audit of Information Security Practices (Nov. 2014)
https://epic.org/redirect/112415-ed-dept-security-audit.html

EPIC: Student Privacy
https://epic.org/privacy/student/

EPIC: EPIC v. The U.S. Department of Education (FERPA)
https://epic.org/apa/ferpa/

EPIC: EPIC v.
Education Department - Private Debt Collectors
https://epic.org/foia/ed/

EPIC: Student Privacy Bill of Rights
https://epic.org/privacy/student/bill-of-rights.html

=======================================================================
[7] EPIC in the News
=======================================================================

"Mobile carriers, tech companies get heated in text-message fight." Politico's Morning Tech, Nov. 24, 2015.
http://www.politico.com/tipsheets/morning-tech/2015/11/mobile-carriers-tech-companies-get-heated-in-text-message-fight-fcc-lifeline-cases-referred-to-inspector-general-charter-talks-post-merger-share-of-high-speed-broadband-211437#ixzz3sSwcT33I

"Drone Shopping? F.A.A. Rules May Hover Over Holidays." The New York Times, Nov. 23, 2015.
http://www.nytimes.com/2015/11/24/technology/proposed-regulations-for-drones-are-released.html

"Groups want OMB to reconsider info policy revisions." FCW, Nov. 23, 2015.
https://fcw.com/articles/2015/11/23/a130-update-extension.aspx

"Watch What You Say: The Cloud Might Be Listening." Wired, Nov. 20, 2015.
http://www.wired.com/2015/11/clive-thompson-9/

"Influencers: Paris attacks don't justify government access to encryption." The Christian Science Monitor, Nov. 20, 2015.
http://www.csmonitor.com/World/Passcode/Passcode-Influencers/2015/1120/Influencers-Paris-attacks-don-t-justify-government-access-to-encryption

"The 'Internet of cars' will reduce accidents -- unless you're hacked." The Business Journals, Nov. 19, 2015.
http://www.bizjournals.com/bizjournals/washingtonbureau/2015/11/the-internet-of-cars-will-reduce-accidents-unless.html

"Automakers urge Congress to limit regulation on 'Internet of Cars'." SC Magazine, Nov. 19, 2015.
http://www.scmagazine.com/automakers-urge-congress-to-limit-regulation-on-internet-of-cars/article/455152/

"FAA Dragging On Drone Privacy Concerns, DC Circ. Told." Law360, Nov. 19, 2015.
http://www.law360.com/privacy/articles/729465

"How far are you willing to let gov't go to keep you safe?" Fox News Special Report with Bret Baier [video], Nov. 19, 2015.
http://www.foxnews.com/on-air/special-report-bret-baier/videos#p/86927/v/4622366443001

"Is it time to regulate the automotive Internet?" FCW, Nov. 19, 2015.
https://fcw.com/articles/2015/11/19/car-hacking-hearing.aspx?m=1

"As Car Hacking Spurs Fears In Congress, Tesla And GM Push Back." BuzzFeed News, Nov. 19, 2015.
http://www.buzzfeed.com/hamzashaban/as-car-hacking-spurs-fears-in-congress-tesla-and-gm-push-bac#.drRx72qJO

"House panel examines safety risks and benefits of the 'Internet of Cars'." USA Today, Nov. 18, 2015.
http://www.usatoday.com/story/news/2015/11/18/house-panel-examines-safety-risks-and-benefits-internet-cars/76001022/

"Paris Attacks Revive Debate on Encryption, Surveillance." Gadgets 360, Nov. 17, 2015.
http://gadgets.ndtv.com/internet/news/paris-attacks-revive-debate-on-encryption-surveillance-766056

"FAA Urged To Consider Privacy Issues In Developing Registration Program." On the Radar, Nov. 16, 2015.
http://ontheradar.foxrothschild.com/2015/11/articles/general-uas-news-and-developments/faa-urged-to-consider-privacy-issues-in-developing-registration-program/

"Fortify New US-EU Data Transfer Pact, Privacy Groups Urge." Law360, Nov. 13, 2015.
http://www.law360.com/privacy/articles/726820

"Privacy Group Asks FAA For Tough Drone Registration Rules." Law360, Nov. 13, 2015.
http://www.law360.com/articles/726864/privacy-group-asks-faa-for-tough-drone-registration-rules

"Privacy groups warn a new Safe Harbor will be struck down." The Hill, Nov. 13, 2015.
http://thehill.com/policy/cybersecurity/260037-privacy-groups-warn-a-new-safe-harbor-will-be-struck-down

"'High-density' debate highlights false-choice funding conundrum." Politico, Nov. 13, 2015.
http://www.politico.com/tipsheets/morning-transportation/2015/11/high-density-debate-highlights-false-choice-funding-conundrum-transit-money-bottom-line-battle-welcome-to-the-open-skies-echo-chamber-fewer-late-flights-more-peeved-flyers-211260#ixzz3rO4CMUjo

"House committee inquires about agency stingray policies." Fierce Government IT, Nov. 12, 2015.
http://www.fiercegovernmentit.com/story/house-committee-inquires-about-agency-stingray-policies/2015-11-12

For More EPIC in the News:
http://epic.org/news/epic_in_news.html

=======================================================================
[8] EPIC Bookstore
=======================================================================

"Privacy Law and Society, 3rd Edition," by Anita Allen, JD, PhD and Marc Rotenberg, JD, LLM. West Academic (Dec. 2015).
http://www.westacademic.com/Professors/ProductDetails.aspx?NSIID=48693

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statutes that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

===================================

"Privacy in the Modern Age: The Search for Solutions," edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (May 2015). Price: $25.95.
http://epic.org/buy-privacy-modern-age The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies. The contributors to this anthology don't simply describe these problems or warn about the loss of privacy -- they propose solutions. They look closely at business practices, public policy, and technology design and ask, "Should this continue? Is there a better approach?" They take seriously the dictum of Thomas Edison: "What one creates with his hand, he should control with his head." It's a new approach to the privacy debate, one that assumes privacy is worth protecting, that there are solutions to be found, and that the future is not yet known. This volume will be an essential reference for policy makers and researchers, journalists and scholars, and others looking for answers to one of the biggest challenges of our modern day. The premise is clear: There's a problem -- let's find a solution. Contributors include: Steven Aftergood, Ross Anderson, Christine L. Borgman (coauthored with Kent Wada and James F. Davis), Ryan Calo, Danielle Citron, Simon Davies, A. Michael Froomkin, Deborah Hurley, Kristina Irion, Jeff Jonas, Harry Lewis, Anna Lysyanskaya, Gary T. Marx, Aleecia M. McDonald, Dr. Pablo G. Molina, Peter G. Neumann, Helen Nissenbaum, Frank Pasquale, Dr. Deborah Peel, MD, Stephanie E. Perrin, Marc Rotenberg, Pamela Samuelson, Bruce Schneier, and Christopher Wolf. ===================================== "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. 
http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. =================================== "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. =================================== "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. =================================== "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. 
http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. =================================== EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: http://www.epic.org/bookstore =================================== EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= December 2, 2015. "Algorithmic Transparency and Emerging Privacy Issues" Speaker: EPIC President Marc Rotenberg UNESCO Division for Freedom of Expression and Media Development Paris, France http://www.unesco.org/new/en/communication-and-information/freedom-of-expression// January 27, 2016. EPIC 2016 International Champions of Freedom Awards Event. Computers, Privacy, and Data Protection Conference, Brussels. http://www.cpdpconferences.org/ June 6, 2016. EPIC 2016 Champions of Freedom Awards Event. Washington, DC. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://twitter.com/epicprivacy Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. 
======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center (EPIC) is a non-profit, independent public interest research center in Washington, DC. EPIC was established in 1994 to focus public attention on emerging privacy issues. Today EPIC maintains one of the top privacy websites in the world. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, files amicus briefs on emerging privacy and civil liberties issues, and conducts policy research. For more information, visit http://www.epic.org. ======================================================================= Support EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/support Your contributions help support Freedom of Information Act litigation, strong and effective advocacy for the right of privacy, and continued public education. Thank you for your support. 
======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 22.22-------------------------
